ZDNet recently reported that a group of hackers has compromised SyTech, a subcontractor to the FSB, the Russian state intelligence/spy organization.
What was recovered was 7.5 TB of data comprising details of ongoing Russian Internet, spy and disinformation projects. ZDNet notes the following active projects in play:
FSB’S SECRET PROJECTS
Per different reports in Russian media, the files indicate that SyTech has been working on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include:
Nautilus — a project for collecting data about social media users (such as Facebook and LinkedIn).
Nautilus-S — a project for deanonymizing Tor traffic with the help of rogue Tor servers.
Reward — a project to covertly penetrate P2P networks, like the one used for torrents.
Mentor — a project to monitor and search email communications on the servers of Russian companies.
Hope — a project to investigate the topology of the Russian internet and how it connects to other countries’ networks.
Tax-3 — a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.
This discovery raises a number of concerns, including the fact that the Russian state intelligence agency is focused on data collection, as well as potentially on disinformation and propaganda through both social media and the dark web.
Most of these projects haven’t been directly tied to use cases on the Internet; however, of the trove of data that was reviewed by BBC Russia, the following live activities were confirmed:
“The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.
Researchers identified 25 malicious servers, 18 of which were located in Russia and were running Tor version 0.2.2.37, the same one detailed in the leaked files.
The second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the internet.”
What’s curious about the test run that occurred in the Nordic countries is the coincidental timing with a Russian troll run that targeted a Finnish journalist.
As I reported in this quarter’s #USARMY Cyber Defense Review:
“…What the attacks on Finland have underscored is the larger Russian agenda to target western Europe — specifically Germany. The case of the false ‘Lisa Story’ in Germany from January 2016 is often cited as a textbook example of Moscow’s modern information capabilities.
Russian-language media reported allegations that a 13-year old Russian-German girl had been raped by migrants in Berlin before local authorities had time to verify the information. Those Russian reports were then picked up by mainstream news media in Germany and elsewhere. The false “Lisa Story” played out significantly across social media beyond Germany, most notably on Facebook, Twitter, and Reddit, where it was shared and re-shared with a significant impact. In the ‘Lisa Case’ we see evidence, for the first time, of several Russian elements of influence that are described in this article working in a coordinated way:
- A journalist from the First Russian TV channel picked up the case of the Russian-German girl and brought it to the main news in Russia;
- Russian foreign media like RT, Sputnik, and RT Deutsch reported on the case;
- Social media, as well as right wing groups, distributed the information on the Internet;
- Demonstrations were organized via Facebook involving representatives of the German-Russian minority (Deutschland Russen) as well as neo-Nazi groups;
- Russian foreign media in Germany reported from these demonstrations, which brought it to the German mainstream media;
- Finally, at the top political level, Russian Foreign Minister Sergey Lavrov made two public statements about his concerns about the inability of the German police and legal system to take such cases seriously because of political correctness.”
What the FSB hack clarifies is that there are a significant number of big data operations, as well as theater operations, focused on social media, Russian corporations and citizens, and the dark web.
One could presume that, since tests have already been run, there are operating use cases for the FSB to utilize this technology in a forward-facing campaign.
The longer-term results and impacts of this hack, as well as the clarification of these types of operational systems and data collection capabilities, should give us reason for pause.
It raises a number of questions about hegemony and forward-facing data warfare and propaganda operations. It also paints a clear picture that the world of intelligence gathering has jumped from the Hollywood stereotype of a James Bond film into something far more cyberpunk.
Originally published on The Ish: https://theish.us/hackers-compromised-sytech-a-russian-fsb-contractor-heres-the-scoop-on-what-russia-s-3b1c4b597454